main.bro¶

FTP¶

The logging this script does is primarily focused on logging FTP commands along with metadata. For example, if files are transferred, the argument will take on the full path that the client is at along with the requested file name.

Namespace:	FTP
Imports:	base/protocols/ftp/info.bro, base/protocols/ftp/utils-commands.bro, base/protocols/ftp/utils.bro, base/utils/addrs.bro, base/utils/numbers.bro, base/utils/paths.bro
Source File:	`/scripts/base/protocols/ftp/main.bro`

Summary¶

Runtime Options¶

`FTP::guest_ids`: `set` `&redef`	User IDs that can be considered “anonymous”.
`FTP::logged_commands`: `set` `&redef`	List of commands that should have their command/response pairs logged.

Types¶

FTP::ReplyCode: record This record is to hold a parsed FTP reply code.

Redefinitions¶

`Log::ID`: `enum`	The FTP protocol logging stream identifier.
`connection`: `record`
`likely_server_ports`: `set` `&redef`

Events¶

FTP::log_ftp: event Event that can be handled to access the FTP::Info record as it is sent on to the logging framework.

Functions¶

FTP::parse_ftp_reply_code: function Parse FTP reply codes into the three constituent single digit values.

Detailed Interface¶

Runtime Options¶

FTP::guest_ids¶

Type:	`set` [`string`]
Attributes:	`&redef`
Default:

{
   "anonymous",
   "ftpuser",
   "guest",
   "ftp"
}

User IDs that can be considered “anonymous”.

FTP::logged_commands¶

Type:	`set` [`string`]
Attributes:	`&redef`
Default:

{
   "EPSV",
   "STOR",
   "ACCT",
   "APPE",
   "STOU",
   "PORT",
   "DELE",
   "RETR",
   "PASV",
   "EPRT"
}

List of commands that should have their command/response pairs logged.

Types¶

FTP::ReplyCode¶

Type:

Type:	`record` x: `count` y: `count` z: `count`

record

x: count

y: count

z: count

This record is to hold a parsed FTP reply code. For example, for the 201 status code, the digits would be parsed as: x->2, y->0, z->1.

Events¶

FTP::log_ftp¶

Type:	`event` (rec: `FTP::Info`)

Event that can be handled to access the FTP::Info record as it is sent on to the logging framework.

Functions¶

FTP::parse_ftp_reply_code¶

Type:	`function` (code: `count`) : `FTP::ReplyCode`

Parse FTP reply codes into the three constituent single digit values.

base/protocols/ftp/main.bro¶

Summary¶

Runtime Options¶

Types¶

Redefinitions¶

Events¶

Functions¶

Detailed Interface¶

Runtime Options¶

Types¶

Events¶

Functions¶

Table of Contents

Next Page

Previous Page

base/protocols/ftp/main.bro¶

Summary¶

Runtime Options¶

Types¶

Redefinitions¶

Events¶

Functions¶

Detailed Interface¶

Runtime Options¶

Types¶

Events¶

Functions¶

Table of Contents

Next Page

Previous Page

Search